ci: centralize governance — remove local workflows duplicated by central .github#39
Open
seonghobae wants to merge 1 commit into
Open
ci: centralize governance — remove local workflows duplicated by central .github#39seonghobae wants to merge 1 commit into
seonghobae wants to merge 1 commit into
Conversation
…workflows These local workflows duplicate the org-wide CENTRAL required workflows in ContextualWisdomLab/.github (Security Scan = trivy-fs/osv-scan/scorecard, CodeQL PR, OSV-Scanner PR, Scorecard PR) that already run in this repo's context on every PR. Keeping local copies causes double runs, duplicate SARIF uploads, and duplicate CRITICAL/HIGH failures. Removing them so the central required workflow is the single governance gate. Removed: - .github/workflows/scorecard-analysis.yml Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RTAMs4bpSZS77Xe3RQjv9P
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidates governance/security CI into the org CENTRAL required workflows (ContextualWisdomLab/.github).
The removed local workflows duplicate the central required workflows that already execute in this repo's context on every PR:
Duplicate local copies cause double runs, duplicate SARIF uploads, and duplicate CRITICAL/HIGH failures. This PR removes only the redundant governance workflows; functional build/test/lint/deploy and gap-filling security (bandit/semgrep/secret-scan/sbom/fuzzing) are left untouched.
Removed:
🤖 Generated with Claude Code